Scale - Best Practices for Migrating your Microsoft Workloads to AWS
1. PUBLIC SECTOR SUMMIT, SINGAPORE
2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. PUBLIC SECTOR SUMMIT
Best Practices for Migrating your
Microsoft Workloads to AWS
Steve Sofian
Senior Solutions Architect
Worldwide Public Sector
AWS
3. In this session
The focus of this session is on migrating your existing Microsoft applications to Amazon Web Services (AWS):
• A holistic approach to migrating typical Microsoft applications to AWS
• A process for building your landing zone on AWS with a security-first approach, including fully automated compliance controls, before embarking on your migration
• An approach to building repeatable architectures
5. Why customers choose AWS for their Microsoft applications
• Most experience: 11 years running Windows workloads; 165+ service offerings
• Global reach and high availability: 66 Availability Zones spanning 21 geographic Regions, with consistency
• Performance: capable of delivering up to 80,000 IOPS per instance
• Security and compliance: 50+ compliance certifications (SOC 1/2/3, FIPS, ISO, HIPAA, FISMA, ITAR, EU Model Clauses)
• Customer obsession and innovation; improved TCO: 72 price reductions since 2006
6. Innovation for Windows on AWS
• 90+ instance types across 22 instance families
• 40+ different AMIs for Windows workloads
• 750+ Windows ISV listings in AWS Marketplace
Key Windows launches from 2008 to today (customer adoption has grown alongside them):
• Windows Server 2003, SQL Server 2005; Windows Server 2008 and SQL Server 2008; Windows Server 2008 R2, SQL Server 2008 R2
• .NET SDK; AWS Tools for Windows PowerShell; Visual Studio Toolkit
• Microsoft SCVMM plug-in; Microsoft SCOM plug-in release
• Windows Server 2012, SQL Server 2012; Amazon RDS adds SQL Server
• AWS Directory Service; Amazon EC2 Dedicated Hosts (BYOL); Amazon EC2 Dedicated Instances (BYOL)
• Microsoft SharePoint 2016 (Marketplace); SAP instance on AWS 2012
• Amazon EC2 Run Command; Amazon EC2 Systems Manager; Trusted Advisor checks for Windows
• Windows Server and SQL Server 2016; SQL Server 2017 on Amazon EC2/Amazon RDS
• Application-consistent snapshots through VSS; Hyper-V support in SMS
• .NET on AWS Lambda and CodeBuild; X-Ray .NET SDK; .NET Core 2.0 support with AWS Lambda and AWS X-Ray; .NET Core 2.1 support
• .NET Core and PowerShell on AL2/Ubuntu; Windows for Lightsail; Windows containers; Windows Deep Learning AMI
7. AWS tools for Windows development
• Visual Studio: AWS Toolkit for Visual Studio
• PowerShell: AWS Tools for PowerShell
• NuGet: AWS SDK for .NET
• Command line: AWS Command Line Interface (AWS CLI)
• Visual Studio Team Services (VSTS): AWS Tools for VSTS
8. Flexible options for Microsoft licenses in the AWS Cloud
1. Flexible pay-as-you-go licensing choices (AWS licensing): buy license-included instances from AWS (Windows Server, SQL Server)
2. Bring your License Mobility benefits to AWS: default tenancy for License Mobility-eligible products with Software Assurance
3. Bring licenses to AWS without paying for Software Assurance: dedicated options for licenses not eligible for License Mobility
10. Network design
• Amazon VPC design
• Subnet design
• Network access control lists and security groups
• Logging and monitoring
• VPN / AWS Direct Connect into the AWS Cloud
11. What does every enterprise Microsoft service depend on?
• Active Directory
• Decide on your AD architecture for AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD)
• You can choose to extend your existing domain or domains into AWS, or deploy a new domain in AWS, with or without trust relationships
• Bring your existing group policies
12. AWS Directory Service for Microsoft AD (figure)
AWS Managed Microsoft AD sits at the centre of the diagram:
• Enables, authenticates, and authorizes AWS apps and services: Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect
• Manages, authenticates, and authorizes AD-aware workloads: .NET applications, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority / Certificate Services
• Domain joins and manages Amazon EC2 instances, both Windows and Amazon Linux
• SAML authentication to SaaS applications through an AD FS server; user synchronization to Azure AD through an Azure AD Connect server (ADSync)
• Federation (trust) with the on-premises Microsoft Active Directory in the department data center, so on-premises user credentials keep working
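The "domain join and manage" arrow above is usually automated with Systems Manager rather than by typing domain credentials on each box. The following is an added example, not code from the deck: it creates a State Manager association that joins every instance tagged DomainJoin=true to the managed directory with the AWS-provided document AWS-JoinDirectoryServiceDomain. It assumes the directory already exists, that the instances' role carries the AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess managed policies, and that the VPC's DHCP options set points DNS at the directory; the directory name, region and tag key are placeholders.

```powershell
# Added example: join tagged Windows EC2 instances to AWS Managed Microsoft AD through
# Systems Manager, so no domain-admin password ever reaches an instance or a user-data script.
$region  = 'ap-southeast-1'                 # placeholder
$adName  = 'corp.department.local'          # placeholder: FQDN of the managed directory

# Resolve the directory instead of hard-coding its ID and DNS servers.
$dir = Get-DSDirectory -Region $region |
    Where-Object { $_.Type -eq 'MicrosoftAD' -and $_.Name -eq $adName }
if (-not $dir) { throw "Managed AD '$adName' not found in $region" }

# The AWS-provided document takes the directory ID, FQDN and the directory's own DNS servers.
# The target is a tag, so newly launched instances with the tag are joined automatically.
$assoc = New-SSMAssociation -Region $region `
    -Name 'AWS-JoinDirectoryServiceDomain' `
    -AssociationName 'join-managed-ad' `
    -Target @{ Key = 'tag:DomainJoin'; Values = 'true' } `
    -Parameter @{
        directoryId    = $dir.DirectoryId
        directoryName  = $dir.Name
        dnsIpAddresses = $dir.DnsIpAddrs
    }
"Association $($assoc.AssociationId) created for directory $($dir.DirectoryId)"

# Verify rather than assume: list the targeted instances with their agent and association status.
Get-SSMInstanceInformation -Region $region -Filter @{ Key = 'tag:DomainJoin'; Values = 'true' } |
    Select-Object InstanceId, ComputerName, PingStatus, AssociationStatus |
    Format-Table -AutoSize
```

Instances joined this way reboot once; the instance role needs no AD rights of its own because the document uses a join account that AWS Managed Microsoft AD manages. Group policy from the existing domain still has to be linked to the new OU after the join.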
13. Microsoft Active Directory migration using ADMT (figure)
• Department network: on-premises domain department.local with DC1, where ADMT and the Password Export Server (PES) are installed
• Connectivity: VPN or AWS Direct Connect into the VPC
• AWS: AWS Managed Microsoft AD deployed across Availability Zone A and Availability Zone B, with a trust relationship to department.local; a domain-joined client in the VPC
14. Microsoft workload sample reference architecture (figure)
• Users reach the Amazon VPC through an Internet gateway; on-premises clients connect over a VPN connection to a VPN gateway
• Availability Zone 1 and Availability Zone 2, each with a public subnet (NAT gateway, RDGW instance) and a private subnet (IIS web/app instances in an Auto Scaling group, SQL Server nodes in an Always On availability group)
• An Amazon VPC endpoint for access to AWS services from the private subnets
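The slide shows the tiers but not how traffic between them is restricted. The template below is an added example, not part of the deck: an AWS CloudFormation security-group chain for the same web / app / SQL layout in which every rule except the two public-facing ones references another security group rather than a CIDR, so that RDP and SQL Server ports are never reachable from the Internet. The VPC, the administrative CIDR, the app-tier port (8080) and the assumption that the RD Gateway is the only RDP source are placeholders you would adjust.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - least-privilege security group chain for the web/app/SQL reference architecture
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # assumption: the VPC built by your landing zone
  AdminCidr:
    Type: String                       # assumption: on-premises range allowed to reach the RD Gateway
    Default: 10.0.0.0/8
Resources:
  RdgwSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RD Gateway - HTTPS only; raw 3389 is never exposed
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref AdminCidr
  WebSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: IIS web tier - public HTTPS only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0            # in practice restrict this to your load balancer's security group
  AppSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier - reachable only from the web tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080               # assumption: app tier listens on 8080
          ToPort: 8080
          SourceSecurityGroupId: !Ref WebSg
  SqlSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SQL Server Always On nodes - reachable only from the app tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 1433
          ToPort: 1433
          SourceSecurityGroupId: !Ref AppSg
  # Database mirroring endpoint between the AG replicas. A group cannot reference itself
  # inline, so the self-referencing rule is a separate resource.
  SqlAgEndpointIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SqlSg
      IpProtocol: tcp
      FromPort: 5022
      ToPort: 5022
      SourceSecurityGroupId: !Ref SqlSg
  # Administrative RDP reaches each tier only from the RD Gateway group, never from a CIDR.
  WebRdpFromRdgw:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref WebSg
      IpProtocol: tcp
      FromPort: 3389
      ToPort: 3389
      SourceSecurityGroupId: !Ref RdgwSg
  AppRdpFromRdgw:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref AppSg
      IpProtocol: tcp
      FromPort: 3389
      ToPort: 3389
      SourceSecurityGroupId: !Ref RdgwSg
  SqlRdpFromRdgw:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SqlSg
      IpProtocol: tcp
      FromPort: 3389
      ToPort: 3389
      SourceSecurityGroupId: !Ref RdgwSg
```

A Windows Server failover cluster underneath the availability group also needs cluster traffic (for example UDP 3343 and the RPC ports) between the SQL nodes and to the domain controllers; add those as further self-referencing or group-to-group rules rather than opening the SQL group to the subnet CIDR.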
16. Where can I run SQL Server workloads on AWS?
• Amazon Relational Database Service (Amazon RDS): managed service with up to 64 vCPU, 488 GB RAM, and 16 TB storage per MS SQL instance
• Amazon Elastic Compute Cloud (Amazon EC2): self-managed virtual machine with up to 128 vCPU, 4 TB RAM, and 400 TB storage
17. SQL Server on Amazon EC2 vs Amazon RDS: which should I use?
• Amazon EC2: license included or BYOL; full control over the instance; self-managed AlwaysOn Availability Groups
• Amazon RDS: license included; automated backups; AWS-managed Multi-AZ deployment
18. SQL Server storage optimization
Storage I/O contention is one of the main causes of poor SQL Server performance:
• Use Amazon EBS-optimized Amazon EC2 instances
• Match the storage technology to the I/O pattern of each workload component
• Match the instance type to the IOPS and throughput needs of the workload
• Use separate volumes for data files and transaction logs: data I/O is random, log I/O is sequential, and putting both on one volume makes them contend for the same IOPS
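What the bullets above look like on an actual instance, as an added example (not code from the deck): provision one encrypted EBS volume per I/O pattern, attach them, and format each with the 64 KB NTFS allocation unit Microsoft recommends for SQL Server data and log files. It assumes the script runs inside the Windows instance with AWS Tools for PowerShell installed and an instance role allowed to create, describe and attach volumes; the sizes, volume types and IOPS figures are illustrative, and the mapping of raw disks to labels relies on them surfacing in attachment order.

```powershell
# Added example: separate EBS volumes for SQL Server data, log and tempdb, formatted with a 64 KB allocation unit.

# Identify this instance through IMDSv2 (token-based) metadata.
$token = Invoke-RestMethod -Method PUT -Uri 'http://169.254.169.254/latest/api/token' `
    -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$hdr        = @{ 'X-aws-ec2-metadata-token' = $token }
$instanceId = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/instance-id' -Headers $hdr
$az         = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/placement/availability-zone' -Headers $hdr
$region     = $az.Substring(0, $az.Length - 1)

# One volume per I/O pattern; sizes and types are assumptions for a mid-sized database.
$layout = @(
    @{ Label = 'SQLData';   Device = 'xvdf'; SizeGb = 500; Type = 'io1'; Iops = 10000 }  # random 8-64 KB reads/writes
    @{ Label = 'SQLLog';    Device = 'xvdg'; SizeGb = 100; Type = 'io1'; Iops = 3000  }  # sequential, latency-sensitive writes
    @{ Label = 'SQLTempdb'; Device = 'xvdh'; SizeGb = 100; Type = 'gp2'; Iops = $null }  # scratch space, recreated at startup
)

foreach ($v in $layout) {
    $params = @{ AvailabilityZone = $az; Size = $v.SizeGb; VolumeType = $v.Type; Encrypted = $true; Region = $region }
    if ($v.Iops) { $params.Iops = $v.Iops }
    $vol = New-EC2Volume @params
    # The volume must be 'available' before it can be attached.
    do {
        Start-Sleep -Seconds 2
        $state = (Get-EC2Volume -VolumeId $vol.VolumeId -Region $region).State
    } while ("$state" -ne 'available')
    Add-EC2Volume -VolumeId $vol.VolumeId -InstanceId $instanceId -Device $v.Device -Region $region | Out-Null
    "Attached $($vol.VolumeId) as $($v.Device) for $($v.Label)"
}

# Give Windows a moment to enumerate the disks, then initialise each raw disk: GPT, one partition,
# NTFS with a 64 KB allocation unit (65536 bytes), labelled by role so DBAs can tell them apart.
Start-Sleep -Seconds 15
$i = 0
Get-Disk | Where-Object PartitionStyle -eq 'RAW' | Sort-Object Number | ForEach-Object {
    $label = $layout[$i].Label; $i++
    $_ | Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -UseMaximumSize -AssignDriveLetter |
        Format-Volume -FileSystem NTFS -AllocationUnitSize 65536 -NewFileSystemLabel $label -Confirm:$false
}
Get-Volume | Where-Object FileSystemLabel -like 'SQL*' | Select-Object DriveLetter, FileSystemLabel, AllocationUnitSize
```

After formatting, point the SQL Server installer (or ALTER DATABASE ... MODIFY FILE for an existing instance) at the new drives; the instance type still caps total EBS throughput, which is why the slide pairs volume choice with instance choice.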
19. SQL Server migration options

| Migration method          | Amazon RDS target | Amazon EC2 target | Downtime            | DB objects                                                        | Cross-engine |
|---------------------------|-------------------|-------------------|---------------------|-------------------------------------------------------------------|--------------|
| Backup/Restore            | Yes               | Yes               | Yes (hrs)           | Data, schemas, stored procedures, triggers, indexes               | No           |
| Import/Export, Bulk Copy  | Yes               | Yes               | Yes (mins-hrs)      | Data, schemas, stored procedures, triggers, indexes               | No           |
| SQL Log Shipping*         | No                | Yes               | Minimal (secs-mins) | Pre-create the DB, sync                                           | No           |
| Hybrid architecture*      | No                | Yes               | Minimal (secs-mins) | Pre-create the DB, sync                                           | No           |
| AWS DMS*                  | Yes               | Yes               | Minimal (secs-mins) | With SCT (data, schemas, stored procedures, triggers, indexes)    | Yes (SCT)    |

* Network bandwidth and latency considerations apply.
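The Backup/Restore row is the simplest path to an Amazon RDS target, and its "hours of downtime" is the window between the backup and the verified restore. The script below is an added example, not code from the deck, that carries that row through end to end using RDS native backup/restore. It assumes the RDS instance's option group has the SQLSERVER_BACKUP_RESTORE option with an IAM role that can read the bucket, that the SqlServer PowerShell module (Invoke-Sqlcmd) and AWS Tools for PowerShell are installed on the machine running it, and that the source is reachable with Windows authentication; every host, database and bucket name is a placeholder.

```powershell
# Added example: native backup on the source, upload to S3, rds_restore_database on RDS, then verify.
$source   = 'sql01.department.local'                                       # placeholder
$rds      = 'deptapp.abcdefghijkl.ap-southeast-1.rds.amazonaws.com'        # placeholder
$db       = 'DeptApp'                                                      # placeholder
$bucket   = 'dept-sql-migration'                                           # placeholder
$localBak = "D:\Backups\$db.bak"
$rdsCred  = Get-Credential -Message 'RDS master user'                      # never embed the password in the script

# 1. Downtime starts here: full, compressed, checksummed backup on the source, then verify the file.
Invoke-Sqlcmd -ServerInstance $source -Database master -QueryTimeout 0 -Query @"
BACKUP DATABASE [$db] TO DISK = N'$localBak' WITH COMPRESSION, CHECKSUM, INIT, STATS = 10;
RESTORE VERIFYONLY FROM DISK = N'$localBak' WITH CHECKSUM;
"@

# 2. Ship the .bak to S3 with server-side encryption; the option group's IAM role reads it from there.
Write-S3Object -BucketName $bucket -Key "$db.bak" -File $localBak -ServerSideEncryption AES256

# 3. Ask RDS to restore. The procedure is asynchronous and returns a task id; the target name must not exist yet.
$task = Invoke-Sqlcmd -ServerInstance $rds -Database master -Credential $rdsCred -Query @"
EXEC msdb.dbo.rds_restore_database
     @restore_db_name = N'$db',
     @s3_arn_to_restore_from = N'arn:aws:s3:::$bucket/$db.bak';
"@

# 4. Poll the task until it leaves CREATED / IN_PROGRESS; anything but SUCCESS is a failed migration.
do {
    Start-Sleep -Seconds 30
    $status = Invoke-Sqlcmd -ServerInstance $rds -Database master -Credential $rdsCred `
        -Query "EXEC msdb.dbo.rds_task_status @task_id = $($task.task_id);"
    "{0} {1}% {2}" -f $status.lifecycle, $status.'% complete', $status.task_info
} while ($status.lifecycle -in 'CREATED', 'IN_PROGRESS')
if ($status.lifecycle -ne 'SUCCESS') { throw "Restore failed: $($status.task_info)" }

# 5. Verify before cutting applications over: compare per-table row counts on both sides.
$countQuery = @"
SELECT s.name + '.' + t.name AS tbl, SUM(p.rows) AS row_count
FROM sys.tables t
JOIN sys.schemas s ON s.schema_id = t.schema_id
JOIN sys.partitions p ON p.object_id = t.object_id AND p.index_id IN (0, 1)
GROUP BY s.name, t.name;
"@
$src  = Invoke-Sqlcmd -ServerInstance $source -Database $db -Query $countQuery
$dst  = Invoke-Sqlcmd -ServerInstance $rds -Database $db -Credential $rdsCred -Query $countQuery
$diff = Compare-Object $src $dst -Property tbl, row_count
if ($diff) { $diff | Format-Table; throw 'Row counts differ between source and RDS' }
'Restore verified. Logins, SQL Agent jobs and linked servers are not in the .bak and must be recreated on RDS.'
```

The row-count check is deliberately cheap; a checksum backup plus RESTORE VERIFYONLY catches corruption on the source side, while the count comparison catches a restore that silently landed an older file. For the "minimal downtime" rows of the table you would replace steps 1 to 4 with log shipping or AWS DMS and keep step 5.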
20. AWS Database Migration Service for live migration
1. Start a replication instance
2. Connect to the source and target databases
3. Select tables, schemas, or databases
4. Let AWS Database Migration Service (AWS DMS) create tables, load data, and keep them in sync
5. Switch applications over to the target at your convenience
(Figure: application users on the customer premises; the replication instance in AWS reaches the source over the Internet or a VPN.)
21. Many ways to move data to AWS (grouped on the slide as Networks, Shipping, and Hybrid)
• AWS Direct Connect: a private connection between your data center, office, or colocation environment and AWS
• AWS Snow family (Snowball, Snowball Edge, Snowmobile): secure, physical transport appliances that move up to exabytes of data into and out of AWS
• AWS Storage Gateway: hybrid storage that seamlessly connects on-premises applications to AWS storage; ideal for backup, DR, bursting, tiering, or migration
• Amazon Kinesis Data Firehose: capture, transform, and load streaming data into Amazon S3 for use with Amazon business intelligence and analytics tools
• Amazon EFS File Sync: up to 5x faster file transfers than open source tools; ideal for migrating data into Amazon EFS or moving between cloud file systems
• Amazon S3 Transfer Acceleration: up to 300% faster transfers into and out of Amazon S3; ideal when working across long geographic distances
• APN Competency Partners: integrations between third-party vendors and AWS services; ideal for leveraging existing software licenses and skills
22. AWS Snow family
• AWS Snowball: 80 TB capacity, 10 Gb network; end-to-end data encryption; rugged 8.5 G impact case; rain and dust resistant
• AWS Snowball Edge: 100 TB capacity, 10 Gb network; end-to-end data encryption; rugged 8.5 G impact case; rain and dust resistant; compute and storage for hybrid/edge workloads; rack-mountable, clusterable
• AWS Snowmobile: exabyte-scale 45 ft container; end-to-end data encryption; dedicated security personnel; GPS tracking, alarm monitoring, 24/7 surveillance, and optional additional security
24. Application migration options
• Rehost (fastest): deploy the AWS SMS connector, start replication, tag AMIs, deploy using AWS CloudFormation (CF), swap blue/green
• Replatform (cloud economies): create or extend your code build to AWS, use Amazon ECR for storing images, deploy using CF
• Refactor (adopt cloud-native services): select AWS serverless services, refactor, deploy using AWS SAM
25. Rehost using AWS Server Migration Service (figure)
vSphere ESXi hosts on premises are replicated by the AWS SMS connector VM to AWS SMS, which produces AMIs (for example a Web AMI and an App AMI).
26. .NET application migration strategies (in increasing level of effort)
1. Deploy .NET Framework apps "as is" to Amazon EC2: every app can have a custom server configuration, different .NET Framework versions, IIS configuration, dependencies, etc.
2. Containerize in Windows containers and orchestrate with Amazon ECS: supports different .NET Framework versions, IIS configurations, and dependencies; reduces OS licensing costs (host only)
3. Port to .NET Core and run in Amazon ECS or AWS Fargate as Linux containers, Windows Nano containers, or serverless: no OS licensing costs, smaller containers; enables deploying apps to AWS Lambda
27. Replatform using Amazon ECS (figure)
Developers (using the AWS Toolkit for Visual Studio) push to a version control repository; an image build service publishes to a container image repository; a test and deployment manager drives infrastructure provisioning and container scheduling and orchestration.
28. Replatform Windows file servers using file gateway
Store and access objects in Amazon Simple Storage Service (Amazon S3) from file-based applications with local caching. (Figure: an application server on the customer premises talks SMB or NFS to the file gateway, which stores objects in your Amazon S3 bucket over HTTPS.)
• Supports SMB and NFS protocols
• Fully managed local cache for low-latency access
• Ownership, permissions, and timestamps are preserved
• Files stored as native Amazon S3 objects
• Apply versioning, lifecycle management, and cross-region replication (CRR) policies
29. Refactor using AWS Lambda
Profile #1: regulatory apps (PCI) with batch jobs. The department website runs Web 01-03, App 01-03, and SQL 01-02 on instances, plus batch jobs such as "upload users".
Implement scheduled tasks with AWS Lambda: data is dropped in Amazon S3 and the function is schedule- or event-triggered; running in an Amazon VPC private subnet, it pulls data from the CSV file, performs ETL, and inserts the data into the SQL table (DB in a private subnet, DB on an instance).
30. Building repeatable architecture
Automate, automate, automate
31. Repeatable Windows stacks using AWS CloudFormation
• The entire Windows stack can be represented in an AWS CloudFormation template (a template file defining the stack)
• Use the version control system of your choice (CodeCommit, Git, etc.) to store and track changes to templates
• Build out multiple Windows stacks for dev, test, and production using templates
32. AWS WAF: working with managed rulesets
Managed rulesets for AWS WAF cover:
• PCI
• OWASP Top 10
• Bot protection
• SQLi/XSS
• IP reputation
• CMS protection
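An added example of attaching managed rulesets in front of the IIS tier, not from the deck: an AWS WAF web ACL (the AWS::WAFv2 resource type, with AWS's own managed rule groups) that covers the OWASP Top 10, SQLi and IP reputation categories above, plus the Windows-specific group that matters for IIS/.NET. It assumes an Application Load Balancer whose ARN is passed in as a parameter, and it shows the practitioner's habit of enabling a newly added group in Count mode first so false positives are found in the sampled requests rather than in production.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - AWS WAF web ACL with managed rule groups for an IIS/.NET application
Parameters:
  AlbArn:
    Type: String                         # assumption: ARN of the ALB in front of the web tier
Resources:
  WebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: dept-web-acl
      Scope: REGIONAL                    # REGIONAL for ALB/API Gateway, CLOUDFRONT for a distribution
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: dept-web-acl
      Rules:
        - Name: AWSManagedRulesCommonRuleSet        # OWASP Top 10 style protections, including XSS
          Priority: 10
          OverrideAction:
            None: {}                                # enforce the group's own block actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
              ExcludedRules:
                - Name: SizeRestrictions_BODY       # assumption: an upload endpoint legitimately exceeds the body limit
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: common
        - Name: AWSManagedRulesSQLiRuleSet          # SQL injection patterns in query, body, cookies
          Priority: 20
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesSQLiRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: sqli
        - Name: AWSManagedRulesWindowsRuleSet       # PowerShell / Windows command injection payloads
          Priority: 30
          OverrideAction:
            Count: {}                               # newly added group: count first, review samples, then switch to None
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesWindowsRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: windows
        - Name: AWSManagedRulesAmazonIpReputationList
          Priority: 40
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAmazonIpReputationList
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: ipreputation
  WebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt WebAcl.Arn
```

Excluding a rule in a managed group is the supported way to handle a false positive; editing the group itself is not possible, and switching the whole group to Count to silence one rule removes all of its protection.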
33. All-in on AWS
• Continuous compliance
• Scalability
• Zero-downtime migration
• Improved security
• Turnkey high availability
• Optimized performance
• Improved agility
• Lower TCO
• Improved developer productivity
34. Final state architecture (figure)
• Edge: Internet → Route 53 (DNS), CloudFront (content distribution network), AWS Shield (DDoS), AWS WAF (web application firewall) → Internet gateway
• Availability Zone 1 (AZ1) and Availability Zone 2 (AZ2), each with a public subnet (NAT gateway; security group for WAP/proxy/RDGW) and a private subnet containing a web server security group with Application Auto Scaling, an app server security group with Application Auto Scaling, a SQL Server security group (AlwaysOn AG, synchronous, with replicas; or Amazon RDS SQL Server with a secondary), and a domain controller security group (AWS Managed Microsoft AD)
• On-premises domain controllers in Denver and New York, connected over VPN / Direct Connect
• Security, certificate, and key management: IAM, CloudHSM, AWS Certificate Manager (ACM)
• Configuration and systems management: Systems Manager, AWS Config, Amazon Inspector
• Storage and archiving: Amazon S3, Amazon S3 Glacier, Amazon VPC endpoint
• Monitoring, auditing, and logging: AWS CloudTrail, Amazon CloudWatch
• DevOps: AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline
36. Automation is key. How do I automate updates?
1. Start a temporary instance from the latest AWS Windows AMI
2. Update Amazon EC2Config or Amazon EC2Launch
3. Update PV drivers and run Windows updates
4. Invoke user-provided scripts
5. Run a sysprep/generalise
6. Stop the temporary instance
7. Custom AMI ready for deployment
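The seven steps above are exactly what the AWS-managed Systems Manager Automation document AWS-UpdateWindowsAmi performs, so the pipeline can be one API call plus a poll. The script below is an added example, not code from the deck. It resolves the current Windows AMI from the public SSM parameter rather than a hard-coded ID, runs the document with a hardening script as the user-provided step, waits for it, and tags the resulting AMI for the CloudFormation stacks to consume. The region, role names, instance profile, AMI name prefix and the hardening commands are placeholders.

```powershell
# Added example: build a patched, hardened Windows AMI with the AWS-UpdateWindowsAmi automation document.
$region = 'ap-southeast-1'                                                          # placeholder

# 1. Latest AWS Windows AMI via the public parameter; avoids stale hard-coded AMI IDs in templates.
$sourceAmi = (Get-SSMParameter -Region $region `
    -Name '/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base').Value

# 4. "Invoke user provided scripts": the document runs this after Windows Update and before sysprep.
#    Placeholder hardening that belongs in every image: RDP off (Session Manager is used instead), SMB1 removed.
$postUpdate = @'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
'@

# Steps 1-6 are performed by the document: launch, update EC2Launch, drivers and Windows, run the
# script, sysprep, stop. The roles below must already exist (placeholders).
$execId = Start-SSMAutomationExecution -Region $region -DocumentName 'AWS-UpdateWindowsAmi' -Parameter @{
    SourceAmiId            = $sourceAmi
    TargetAmiName          = "dept-win2019-hardened-$(Get-Date -Format yyyyMMdd-HHmm)"
    IamInstanceProfileName = 'AmiFactoryInstanceProfile'
    AutomationAssumeRole   = 'arn:aws:iam::123456789012:role/AmiFactoryAutomationRole'
    InstanceType           = 't3.large'
    PostUpdateScript       = $postUpdate
}

# Poll until the execution finishes; a failed build must fail the pipeline, not silently keep the old AMI.
do {
    Start-Sleep -Seconds 60
    $exec = Get-SSMAutomationExecution -Region $region -AutomationExecutionId $execId
} while ("$($exec.AutomationExecutionStatus)" -in 'Pending', 'InProgress', 'Waiting')
if ("$($exec.AutomationExecutionStatus)" -ne 'Success') {
    throw "AMI build $execId failed: $($exec.FailureMessage)"
}

# 7. The document's createImage step outputs the new AMI ID. Tag it so launch templates and
#    CloudFormation parameters can select the newest approved image by tag instead of by ID.
$newAmi = $exec.Outputs['createImage.ImageId'][0]
New-EC2Tag -Region $region -Resource $newAmi -Tag @(
    @{ Key = 'Role';   Value = 'dept-web' }
    @{ Key = 'Source'; Value = $sourceAmi }
    @{ Key = 'Built';  Value = (Get-Date -Format o) }
    @{ Key = 'Status'; Value = 'candidate' }      # flip to 'approved' only after an Amazon Inspector scan passes
)
$newAmi
```

Keeping the image at Status=candidate until a vulnerability assessment has run is what turns this into the "AMI factory with Amazon Inspector" shown later in the deck; the stacks should only ever launch images tagged approved.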
37. Life without RDP: Session Manager
(Figure: instances inside the VPC reach Session Manager through an SSM endpoint; who may open a session is governed by IAM permissions, so no inbound RDP port or bastion is needed.)
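The two boxes in that figure, the SSM endpoint and the IAM permissions, are what the following added example provisions; it is not code from the deck. The template creates the three interface endpoints the agent needs to reach Session Manager from a private subnet with no Internet route (ssm, ssmmessages and ec2messages), the instance role, and an operator policy that can only open sessions to instances tagged Environment=dev and only with the listed session documents. The VPC, its CIDR and the subnet list are parameters; the tag value and policy name are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - Session Manager access to private Windows instances with no RDP exposure
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  VpcCidr:
    Type: String
    Default: 10.20.0.0/16                        # assumption
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>             # the private subnets that hold the instances
Resources:
  EndpointSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Instances in the VPC may reach the SSM interface endpoints on 443
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref VpcCidr
  # All three endpoints are required; without ssmmessages the agent registers but sessions never open.
  SsmEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ssm
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: [!Ref EndpointSg]
  SsmMessagesEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ssmmessages
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: [!Ref EndpointSg]
  Ec2MessagesEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ec2messages
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: [!Ref EndpointSg]
  # Instance side: the managed policy is all the agent needs; no inbound security group rule at all.
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]
  # Operator side: sessions only to dev-tagged instances, only with approved documents,
  # and an operator may terminate or resume only sessions they started.
  OperatorPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: dept-session-manager-dev   # assumption
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: ssm:StartSession
            Resource: !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:instance/*
            Condition:
              StringEquals:
                ssm:resourceTag/Environment: dev
          - Effect: Allow
            Action: ssm:StartSession
            Resource:
              - !Sub arn:aws:ssm:${AWS::Region}::document/AWS-StartPortForwardingSession
              - !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:document/SSM-SessionManagerRunShell
          - Effect: Allow
            Action: [ssm:TerminateSession, ssm:ResumeSession]
            Resource: 'arn:aws:ssm:*:*:session/${aws:username}-*'
          - Effect: Allow
            Action: [ssm:DescribeSessions, ssm:GetConnectionStatus, ssm:DescribeInstanceInformation, ec2:DescribeInstances]
            Resource: '*'
```

With this in place an operator gets a PowerShell prompt with `aws ssm start-session --target i-0123456789abcdef0`, and, when a GUI is genuinely needed, tunnels RDP over the same channel with `aws ssm start-session --target i-0123456789abcdef0 --document-name AWS-StartPortForwardingSession --parameters portNumber=3389,localPortNumber=55678` and then `mstsc /v:localhost:55678`; port 3389 stays closed in every security group. Session logging to CloudWatch Logs or S3 is configured in the Session Manager preferences, not in this template.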
38. Operating your cloud: multiple operational models to fit your needs
Self-managed
• AWS Service Catalog
• AWS Systems Manager
• AWS management tools and services: modeling and provisioning, automation and operations, monitoring and logging
• Third-party tools
AWS Managed Services (AMS)
• 40+ curated services
• "Month-to-month" terms
• Addresses security and compliance (PCI, SOC, ISO, HIPAA, NIST certified/compliant)
• Seven management services provided
Partner managed
• 100+ Managed Service Partners (MSP)
• Certification program
• Third-party audit
• Full lifecycle services
• https://aws.amazon.com/partners/msp/
39. Putting it all together (figure)
• Users authenticate with an ADFS SAML token; on-premises AD integration
• AMI factory with Amazon Inspector: Microsoft Windows Amazon EC2 instances are launched from a golden AMI
• Native security at L2, L3, L4, and L7
• Native Windows security management tools through Systems Manager: maintenance windows, Patch Manager, Run Command, State Manager, Parameter Store
• Detective and corrective controls; logging and monitoring controls
• Automated migration
40. Migration summary
• Seamlessly migrated core business applications, Active Directory, SQL Server, and .NET applications to AWS
• Built a highly available application architecture using multiple Availability Zones (is HA = DR?)
• Implemented centralized governance and compliance using the AWS Landing Zone solution
• Minimized downtime and risk with AWS Server Migration Service and AWS Database Migration Service
• Used AWS CloudFormation to deploy infrastructure as code
• Used Amazon ECS to simplify deployment of containerized .NET applications
• Modernized .NET applications with AWS Lambda serverless functions
• Leveraged flexible licensing options
• Simplified operations with cloud-native tools such as AWS Systems Manager
41. Tools to help you migrate
AWS migration services
• AWS Server Migration Service
• AWS Database Migration Service
• VMware Cloud on AWS
• AWS Schema Conversion Tool
• AWS Application Discovery Service
AWS data transfer
• Amazon S3 Transfer Acceleration
• AWS Storage and File Gateway
• AWS Direct Connect
• AWS Snowball and Snowmobile
• Amazon Kinesis Data Firehose
Migration activities: inventory, business case, deep discovery and planning, app dependency mapping, workload and data migration, validation
AWS Migration Hub: a single location to track the progress of application migrations across AWS and partner solutions; partner migration tools found on AWS Migration Hub are vetted by AWS
42. Key takeaways
43. Resources
• Amazon Web Services and Microsoft FAQ: https://aws.amazon.com/windows/faq/
• Microsoft Licensing on AWS: https://aws.amazon.com/windows/resources/licensing/
• Microsoft Servers on the AWS Cloud, Quick Start: https://docs.aws.amazon.com/quickstart/latest/accelerator-msservers/welcome.html
• Short video series on how to run Windows workloads on AWS: https://www.youtube.com/playlist?list=PLhr1KZpdzukcZEpM1wap9dkr3zgTRdRrD
• Explore .NET on AWS: https://aws.amazon.com/developer/language/net/
• AWS Landing Zone solution: https://aws.amazon.com/answers/aws-landing-zone/
• Whitepapers: http://aws.amazon.com/microsoft/whitepapers
44. Thank you!
Steve Sofian
Senior Solutions Architect
Worldwide Public Sector
AWS